The new ransomware group is called 8Base: they define themselves as “honest and simple pentesters” who offer their victims the most loyal conditions for the return of their data.

Here’s what we’ve discovered so far.

It’s not such a new group

Although they have only now become known, it seems that the group’s operations have already begun in April 2022, while the last victims date back to May 2023.

With Hackmanac we analyzed their DLS (Dedicated Leak Site) on the Dark Web and we discovered that at the moment there were 66 victims, 45 in 2022 and 21 in 2023, who evidently refused the negotiations.

The list of victims is in fact accompanied by the complete publication of the data stolen during the attack.

They mostly target SMBs

8Base seems to target mainly small and medium-sized companies, mostly belonging to the Professional / Scientific / Technical sector (36% of attacks known so far) and Manufacturing (17%).

Other sectors affected to a lesser extent are:

• Wholesale/Retail
• Construction
• Healthcare
• ICT
• Financial/Insurance
• Transportation/Storage
• Organizations
• Agriculture / Forestry / Fishing
• Education
• Gov/Mil/LE
• Other Services

The victims are mainly in America and Europe

Analyzing the victims listed in the 8Base DLS, it appears that two thirds of the victims are in America (62%), while a further quarter in Europe (24%).

The most targeted countries are the United States and Brazil:

Other less affected countries are:

• Australia
• Germany
• UK
• Mexico
• Portugal
• Belgium
• Egypt
• China
• Spain
• Madagascar
• France
• Peru
• Canada
• Turkey
• Guatemala
• Venezuela
• India
• Italy

Among the victims also the Italian company SiComputer, attacked on 03/29/2023 and whose data were published a month later.

They have very clear ideas

A characteristic of the group is that their ransom note is particularly detailed.

In addition to the payment terms in bitcoins, clear instructions are in fact provided which prohibit the involvement of third parties, such as the police, agencies (FBI, CIA, NSA, …) or negotiators.

Finally, specific guarantees are provided on the management of the data held by the group.

As in the case of MalasLocker, which we wrote about in our previous article, we are once again in the presence of a cybercriminal group that mainly targets small and medium-sized businesses.
This trend, which seems popular recently, highlights how small companies are a frequent target of cybercriminal operations.

The advice is to monitor computer systems, keep them updated and be aware of cyber threats.

Stay Cyber safe!